Date:      Sat, 25 Sep 2004 13:39:08 -0400 (EDT)
From:      Robert Watson <rwatson@freebsd.org>
To:        Hannes Mehnert <hannes@mehnert.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: 5.3 IPSEC broken
Message-ID:  <Pine.NEB.3.96L.1040925133727.79682B-100000@fledge.watson.org>
In-Reply-To: <20040925145534.GD5307@mehnert.org>


On Sat, 25 Sep 2004, Hannes Mehnert wrote:

> On Fri, Sep 24, 2004 at 10:58:33PM -0400, Robert Watson wrote:
> > I'd like to take a look at this sometime in the next few days.  Could you
> > send me an appropriately censored version of your racoon configuration for
> > each endpoint that I can use as a starting point?
> 
> Sure, my config files are available at https://berlin.ccc.de/~hannes/racoon/
> 
> I use a /30 subnet for IPSec, 192.168.2.40/30.

So an interesting first observation for anyone else following this is that
under mbuma, the number of bytes available in an mbuf has changed by four
due (presumably) to the use of extra space by mbuma:

4.x:

 MSIZE:     256
 MLEN:      236
 MHLEN:     212
 MINCLSIZE: 213
 sizeof(struct m_hdr):  20
 sizeof(struct pkthdr): 24

5.x:

 MSIZE:     256
 MLEN:      232
 MHLEN:     208
 MINCLSIZE: 209
 sizeof(struct m_hdr):  24
 sizeof(struct pkthdr): 24

So presumably something in pfkey was carefully (or accidentally) designed
to assume that some object/content would fit in MLEN or MHLEN that no
longer does.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research
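
The size change described in the message above, modelled in user-space C as an added example (not code from the message or from FreeBSD). Only the constants come from the message; the struct, the function names and the "fits in a packet-header mbuf" check are assumptions for illustration. It finds the payload lengths that fit under the 4.x figures but no longer fit under the 5.x ones.

```c
/* Added illustration: user-space model of the quoted mbuf constants.
 * Not kernel code; all type and function names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>

struct mbuf_layout {
    const char *name;
    size_t msize;   /* MSIZE */
    size_t m_hdr;   /* sizeof(struct m_hdr) */
    size_t pkthdr;  /* sizeof(struct pkthdr) */
};

/* Values taken from the message. */
static const struct mbuf_layout LAYOUT_4X = { "4.x", 256, 20, 24 };
static const struct mbuf_layout LAYOUT_5X = { "5.x", 256, 24, 24 };

enum storage { IN_MBUF, NEEDS_CLUSTER };

/* Relations consistent with the quoted MLEN/MHLEN/MINCLSIZE figures. */
static size_t mlen(const struct mbuf_layout *l)      { return l->msize - l->m_hdr; }
static size_t mhlen(const struct mbuf_layout *l)     { return mlen(l) - l->pkthdr; }
static size_t minclsize(const struct mbuf_layout *l) { return mhlen(l) + 1; }

/* Where must a packet-header payload of len bytes live? */
static enum storage storage_for(const struct mbuf_layout *l, size_t len)
{
    return len >= minclsize(l) ? NEEDS_CLUSTER : IN_MBUF;
}

/* Count lengths that fit in a header mbuf under `old` but not under `cur`:
 * the sizes where a baked-in "fits in MHLEN" assumption stops holding. */
static size_t regression_window(const struct mbuf_layout *old,
                                const struct mbuf_layout *cur, size_t *first)
{
    size_t n = 0;
    for (size_t len = 0; len <= old->msize; len++)
        if (storage_for(old, len) == IN_MBUF &&
            storage_for(cur, len) == NEEDS_CLUSTER && n++ == 0)
            *first = len;
    return n;
}

int main(void)
{
    size_t first = 0;
    size_t n = regression_window(&LAYOUT_4X, &LAYOUT_5X, &first);
    printf("MHLEN %s=%zu %s=%zu; %zu lengths affected, first is %zu\n",
           LAYOUT_4X.name, mhlen(&LAYOUT_4X), LAYOUT_5X.name,
           mhlen(&LAYOUT_5X), n, first);
    return 0;
}
```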